azazel: Install pechar declaratively

Had to add CORS header to mediacache so that canvas can access the image data.
jtojnar · Jun 8, 2021 · 29d6c3d · 29d6c3d
1 parent e3d5f63
commit 29d6c3d
Show file tree

Hide file tree

Showing 3 changed files with 89 additions and 0 deletions.
diff --git a/hosts/azazel/fan-club-penguin.cz/default.nix b/hosts/azazel/fan-club-penguin.cz/default.nix
@@ -12,6 +12,7 @@ in {
     ./kafu
     ./lisured
     ./mediacache
+    ./pechar
     ./preklady
     ./provider
     ./pengu
@@ -31,6 +32,7 @@ in {
     "kafu.fan-club-penguin.cz"
     "lisured.fan-club-penguin.cz"
     "mediacache.fan-club-penguin.cz"
+    "pechar.fan-club-penguin.cz"
     "preklady.fan-club-penguin.cz"
     "provider.fan-club-penguin.cz"
     "pengu.fan-club-penguin.cz"
@@ -63,6 +65,9 @@ in {
           user = "cpforum";
           phpPackage = pkgs.php74;
         };
+        pechar = mkPhpPool {
+          user = "pechar";
+        };
       };
     };
   };
@@ -74,25 +79,29 @@ in {
           "fcp"
           "cpforum"
           "pengu"
+          "pechar"
         ];
       };
 
       nginx = {
         extraGroups = [
           "fcp"
           "cpforum"
+          "pechar"
         ];
       };
 
       fcp = { uid = 500; group = "fcp"; isSystemUser = true; };
       cpforum = { uid = 511; group = "cpforum"; isSystemUser = true; };
       pengu = { uid = 512; group = "pengu"; isSystemUser = true; };
+      pechar = { uid = 515; group = "pechar"; isSystemUser = true; };
     };
 
     groups = {
       fcp = { gid = 500; };
       cpforum = { gid = 511; };
       pengu = { gid = 512; };
+      pechar = { gid = 515; };
     };
   };
 }
diff --git a/hosts/azazel/fan-club-penguin.cz/mediacache/default.nix b/hosts/azazel/fan-club-penguin.cz/mediacache/default.nix
@@ -13,6 +13,7 @@ in {
           path = "fan-club-penguin.cz/mediacache";
           config = ''
             location / {
+              add_header Access-Control-Allow-Origin *;
               try_files /from-icer.ink/$uri /from-fcp/$uri =404;
             }
           '';

diff --git a/hosts/azazel/fan-club-penguin.cz/pechar/default.nix b/hosts/azazel/fan-club-penguin.cz/pechar/default.nix
@@ -0,0 +1,79 @@
+{ config, lib, pkgs, ... }:
+let
+  myLib = import ../../lib.nix { inherit lib config; };
+  inherit (myLib) enablePHP mkVirtualHost mkPhpPool;
+in {
+  services = {
+    nginx = {
+      enable = true;
+
+      virtualHosts = {
+        "pechar.fan-club-penguin.cz" = mkVirtualHost {
+          acme = "fan-club-penguin.cz";
+          root =
+            pkgs.runCommand "pechar" {
+              src = pkgs.fetchFromGitHub {
+                owner = "ogioncz";
+                repo = "pechar";
+                rev = "48f3d48ad0111b38132afa59bda9a1be0a76da73";
+                sha256 = "r8oDLZz8b0M3Fpf3BfhOnpQouOvmtrPLlTjGmv5DcJc=";
+              };
+            } ''
+              cp -r "$src" "$out"
+              chmod -R +w "$out"
+              sed -i "s#var mediaServer = 'mediacache';#var mediaServer = 'https://mediacache.fan-club-penguin.cz';#" $out/main.js
+            '';
+          config = ''
+            index index.html;
+
+            location / {
+              try_files $uri $uri/ =404;
+            }
+
+            location ~ /data/composed/get\.php$ {
+              ${enablePHP "pechar"}
+            }
+
+            location ~ /data/composed/(.+)\.png {
+              root /var/cache/pechar;
+              try_files /$1.png /data/composed/get.php?path=$1;
+            }
+          '';
+        };
+      };
+    };
+
+    phpfpm = rec {
+      pools = {
+        pechar = mkPhpPool {
+          user = "pechar";
+          phpPackage = pkgs.php74;
+          phpOptions = ''
+            ; Set up $_ENV superglobal.
+            ; http://php.net/request-order
+            variables_order = "EGPCS"
+          '';
+          phpEnv = {
+            MEDIA_SERVER_LOCAL_DIRECTORY = "/var/www/fan-club-penguin.cz/mediacache/from-fcp";
+          };
+          settings = {
+            # Accept settings from the systemd service.
+            clear_env = false;
+          };
+        };
+      };
+    };
+  };
+
+  systemd.services.phpfpm-pechar = {
+    serviceConfig = {
+      CacheDirectory = "pechar";
+      ExecStartPost= [
+        # The service starts under “root” user and the phpfpm daemon then lowers the euid to “pechar”.
+        # But because systemd is not aware of that, the cache directory it creates does not have correct ownership.
+        "${pkgs.coreutils}/bin/chmod -R 700 %C/pechar"
+        "${pkgs.coreutils}/bin/chown -R pechar:pechar %C/pechar"
+      ];
+    };
+  };
+}